DDT Ransomware Removal Guide

Do you know what DDT Ransomware is?

Are your personal files safe? They are safe only if backup copies exist outside the original location. DDT Ransomware is one of the thousands of file-encrypting threats that can cause chaos if it manages to invade the operating system. It is crucial to have the operating system protected reliably against all threats, and if you do not take care of that, a single click on a seemingly harmless file could make you want to pull the hair right out of your head. The malicious executable of this dangerous infection can be introduced to you via spam emails, and you might execute it unknowingly. Unfortunately, we cannot guarantee that this is how the threat got into your operating system as well. Maybe a different security backdoor was used. In any case, if it got in, you must delete DDT Ransomware.

The bad news is that your personal files will not be automatically revived once you remove DDT Ransomware from the infected operating system. Also, you will not be able to restore your files using an internal backup because this threat is capable of deleting shadow volume copies. Once the files are encrypted, you will see the “.{dresdent@protonmail.com}DDT” extension appended to their original names. Don’t bother deleting this extension because it is the data of your files that needs fixing. Unfortunately, it does not look like there is a fix; at least, not at the time of research. No legitimate decryptor works with this threat at this time, and, of course, we cannot trust cyber criminals. However, they want you to think that your files would be decrypted if you paid money for the “decryptor” they offer.

According to our research team, DDT Ransomware is a new variant of Globeimposter Ransomware, which also pushed victims to pay a ransom. That is why this malware is known as ransomware. DDT Ransomware creates a file named “how_to_back_files.html” to introduce you to the demands. The message declares that you must send a message to dresdent@protonmail.com if you want to restore the files. If you did that, the attackers would then present you with instructions showing how to pay for the alleged decryptor. Because the initial message does not reveal the price or the method of payment, some users might decide to give it a go. Consider whether that is really such a good idea. Once you contact the attackers, they will know how to reach you, and that means that they could try to scam you in the future, when you least expect it. Also, paying the ransom is extremely risky. We doubt that you would get the decryptor in return for your money.

If you have backups stored outside the infected computer, you will be able to replace the corrupted files after removing DDT Ransomware. If you do not have them, you might have to accept defeat. Ransomware is very destructive, and, hopefully, you will not face any other file-encryptor in the future. To ensure this, you need to secure your operating system, and no one can do it better than a reliable anti-malware program. It will also automatically delete DDT Ransomware and other threats if they found their way into your operating system as well. What about manual removal? That is an option as well, and if you can find the launcher – whose name and location are unknown – you should be successful.

Delete DDT Ransomware from Windows

  1. Find the infection’s launcher file. The name could be random, but it could also be named cmd.exe.
  2. If you can find this file, right-click it and select Delete (if you cannot get rid of this file, you might need to terminate a running process via the Task Manager first).
  3. Launch Run by tapping keys Win+R at the same time and then enter regedit into the dialog box.
  4. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  5. Right-click and Delete a value named BrowserUpdateCheck.
  6. Launch Windows Explorer by tapping keys Win+E at the same time.
  7. Enter %APPDATA% into the bar at the top and then Delete a malicious [random].exe file.
  8. Enter %TEMP% into the bar at the top and then Delete a malicious [name].tmp.bat file.
  9. Empty Recycle Bin and then immediately perform a full system scan with the help of a malware scanner.
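
The manual steps above can be checked in one pass with a read-only PowerShell script. This is an added example, not part of the original guide: the function name Get-DdtArtifact is hypothetical, while the registry key, value name, folders, file extension and ransom note name are the ones given in this guide.

```powershell
# Added example: read-only check for the artifacts listed in the removal steps.
# It reports findings and deletes nothing; review each item before removing it.
function Get-DdtArtifact {
    # Steps 4-5: the RunOnce value named in the guide.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $name = 'BrowserUpdateCheck'
    $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) {
        [pscustomobject]@{ Check = 'RunOnce value'; Path = "$key\$name"; Detail = $prop.$name }
    }

    # Step 7: executables directly in %APPDATA% (the guide gives no fixed name).
    Get-ChildItem -LiteralPath $env:APPDATA -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            $sha = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            [pscustomobject]@{ Check = 'EXE in %APPDATA%'; Path = $_.FullName; Detail = "signature=$sig sha256=$sha" }
        }

    # Step 8: batch files matching [name].tmp.bat in %TEMP%.
    Get-ChildItem -LiteralPath $env:TEMP -Filter '*.tmp.bat' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Check = 'BAT in %TEMP%'; Path = $_.FullName; Detail = "modified=$($_.LastWriteTime)" }
        }

    # Encrypted files and ransom notes under the user profile, to size the restore from backup.
    $ext  = '.{dresdent@protonmail.com}DDT'
    $note = 'how_to_back_files.html'
    $hits = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name.EndsWith($ext, [StringComparison]::OrdinalIgnoreCase) -or $_.Name -eq $note }
    $encrypted = @($hits | Where-Object { $_.Name -ne $note }).Count
    $notes     = @($hits | Where-Object { $_.Name -eq $note }).Count
    [pscustomobject]@{ Check = 'Encrypted files'; Path = $env:USERPROFILE; Detail = "count=$encrypted" }
    [pscustomobject]@{ Check = 'Ransom notes';    Path = $env:USERPROFILE; Detail = "count=$notes" }
}

Get-DdtArtifact | Format-List
```

Run it as the affected user, because the RunOnce key and both folders are per-user locations. Recording the SHA-256 of any suspicious executable before deleting it lets you look the file up later with a malware scanner.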

In non-techie terms:

DDT Ransomware was created to encrypt your files so that cyber criminals could then push you into paying a ransom for a decryptor that, allegedly, can restore your files. No one can confirm this, and we doubt that the attackers would provide you with a decryptor if you fulfilled their conditions. At the end of the day, they do not care about your files. Unfortunately, at the time of research, decrypting files was not possible, but, of course, you could still replace them with backups. Hopefully, you have your backups stored online or on flash drives because the internal backup system can be destroyed by the infection. All in all, whether or not you get your files back, you need to remove DDT Ransomware. Even if you are able to delete this threat manually, it might be better to install an anti-malware program. It would erase existing threats automatically, but it is most important that it would also enable protection against other infections in the future.